Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide (STIG) V2R1

Rules and Groups employed by this XCCDF Profile

  • Ensure PAM Enforces Password Requirements - Minimum Different Characters

    The pam_pwquality module's difok parameter sets the number of characters in a password that must not be present in an old password du...
    Rule Medium Severity
  • Ensure PAM Enforces Password Requirements - Enforcing

    Verify that the operating system uses "pwquality" to enforce the password complexity rules. Verify the pwquality module is being enforced by opera...
    Rule Medium Severity
  • Set PAM's Password Hashing Algorithm

    The PAM system service can be configured to only store encrypted representations of passwords. In "/etc/pam.d/common-password", the password...
    Rule Medium Severity
  • Check that vlock is installed to allow session locking

    The Ubuntu 22.04 operating system must have vlock installed to allow for session locking. The vlock package can be installed with th...
    Rule Medium Severity
  • Install the opensc Package For Multifactor Authentication

    The opensc-pkcs11 package can be installed with the following command:
    $ apt-get install opensc-pkcs11
    Rule Medium Severity
  • Install Smart Card Packages For Multifactor Authentication

    Configure the operating system to implement multifactor authentication by installing the required package with the following command: The li...
    Rule Medium Severity
  • Configure Smart Card Certificate Authority Validation

    Configure the operating system to do certificate status checking for PKI authentication. Modify all of the cert_policy lines in ...
    Rule Medium Severity
  • Configure Smart Card Certificate Status Checking

    Configure the operating system to do certificate status checking for PKI authentication. Modify all of the cert_policy lines in ...
    Rule Medium Severity
  • Configure Smart Card Local Cache of Revocation Data

    Configure the operating system for PKI-based authentication to use local revocation data when unable to access the network to obtain it remotely. M...
    Rule Medium Severity
  • Enable Smart Card Logins in PAM

    This requirement only applies to components where this is specific to the function of the device or has the concept of an organizational user (e.g....
    Rule Medium Severity
